How would you identify the spam users as the ones to delete using a bulk delete tool? Or are you envisioning a bulk delete tool that shows all users and you just check a box next to each one you want to delete? I have to block the user first, then delete them. I imagine the tool would need to be able to bypass that step.

Yes, if there is a way to to check different users and then do a "bulk delete" that will work. My Q2A site is fairly new but a spam bot found my site so I know most of the registered users are spam; so deleting all users in one shot is something I can do at this point in time.

I have the same problem on my Q2A sites. I think it would be very useful to have a function to bulk-delete users who have not been active (or whose points are below a certain level) with a sufficiently long minimum time since their registration (or their last activity). That way, you probably also delete some "real" users who have signed up and then fell asleep but I guess you won't miss them anyway since they effectively don't contribute.

I still have this issue. There are no spam questions being posted but I have over 5 pages of spam registered users that still get passed the ReCaptcha or maybe there is an exploit in Q2A that lets spam bots get around this easily.

Are there any updates on Q2A to make it more secure and fix this exploit?

3 Answers

The easiest way I know of is to run a delete statement on the database directly. This will be easier if the account all have something in common such as full name or company. I'm on my mobile right now and will try and write out a specific query for you later.

Have you turned on preventative measures to block spam moving forward? ReCaptcha and email verification should help a fair amount.

I know WordPress is highly targeted by spam bots too but at least with WordPress when someone comments on my blog site it is sent as "pending" and then I can simply do a bulk delete from admin.

Or also with WordPress there is a plugin that limits the number of registered users coming from the same IP address. There are definitely ways to fight against spam; it's just the developers of Q2A have to implement them into the next update.

* when someone comments on my blog site it is sent as "pending" => This is already present in the Q2A core, in the admin/spam section, along with many other options
* limits the number of registered users coming from the same IP address => This is already present in the Q2A core, in the admin/spam section, along with many other options

The only thing is not present is the bulk delete, which would save some clicks but will not decrease the amount of spam registration attempts

Yes bulk delete will not decrease the spam attempts, but stopping spam is just first step. But for the second step we also have to face what they have already done and for that having a bulk delete option will really help. As most of the q2a website owners are complaining for spam attacks and untill there is a way found to stop spam, we should think of the way which is already in most of q2a like cms.